I’m trying to write a program that can read an NTFS filesystem from binary. However, I’ve run into an issue with trying to understand the INDEX_ROOT attribute in a file record. Specifically, I’m trying to figure out how the $SDH stream in $Secure works. Specifically, I have the following questions: